Main Page

From ForensicsWiki
Revision as of 20:32, 13 December 2011 by Simsong (Talk | contribs)

Jump to: navigation, search

This is the Forensics Wiki, a Creative Commons-licensed wiki devoted to information about digital forensics (also known as computer forensics). We currently list a total of 863 pages.

Much of computer forensics is focused on the tools and techniques used by investigators, but there are also a number of important papers, people, and organizations involved. Many of those organizations sponsor conferences throughout the year and around the world. You may also wish to examine the popular journals and some special reports.

WIKI MAINTENANCE NOTE: We have re-installed mediawiki. New anti-spam measures and account re-confirmation software is in effect. Please let us know if you have problems on the Contact Form

Featured Forensic Research

Dec 2011

Baier, H., Breitinger, F. - Security Aspects of Piecewise Hashing in Computer Forensics
IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on pp. 21 -36, may 2011
Author : Baier, H., Breitinger, F.
Title : Security Aspects of Piecewise Hashing in Computer Forensics
In : IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on -
Address :
Date : may 2011

Although hash functions are a well-known method in computer science to map arbitrary large data to bit strings of a fixed length, their use in computer forensics is currently very limited. As of today, in a pre-step process hash values of files are generated and stored in a database, typically a cryptographic hash function like MD5 or SHA-1 is used. Later the investigator computes hash values of files, which he finds on a storage medium, and performs look ups in his database. This approach has several drawbacks, which have been sketched in the community, and some alternative approaches have been proposed. The most popular one is due to Jesse Kornblum, who transferred ideas from spam detection to computer forensics in order to identify similar files. However, his proposal lacks a thorough security analysis. It is therefore one aim of the paper at hand to present some possible attack vectors of an active adversary to bypass Kornblum's approach. Furthermore, we present a pseudo random number generator being both more efficient and more random compared to Kornblum's pseudo random number generator.

(See also Past Selected Articles)

Featured Article

Forensic Linux Live CD issues
Forensic Linux Live CD distributions are widely used during computer forensic investigations. Currently, many vendors of such Live CD distributions state that their Linux do not modify the contents of hard drives or employ "write protection." Testing indicates that this may not always be the case. Read More...


You can help! We have a list of articles that need to be expanded. If you know anything about any of these topics, please feel free to chip in.